Searching in Active Directory C# Help

Because Active Directory is a data store optimized for read-mostly access, you will generally search for values. To search in Active Directory, the .NET Framework provides the DirectorySearcher class.

You can use DirectorySearcher only with the LDAP provider; it doesn’t work with the other providers such as NDS or llS ..

In the constructor of the DirectorySearcher class, you can define four important parts for the search. You can also use a default constructor and define the search options with properties.

SearchRoot

The search root specifies where the search should start. The default of SearchRoot is the root of the domain you are currently using. SearchRoot is specified with the Path of a DirectoryEntry object.

Filter

The filter defines the values where you want to get hits. The filter is a string that must be enclosed in parentheses.

Relational operators such as <=, =, and >= are allowed in expressions. (objectClass=contact) searches all objects of type contact; (lastName>=Nagel) searches all objects alphabetically where the lastName property is equal to or larger than Nagel.

Expressions can be combined with the & and I prefix operators. For example, (&(objectClass=user) (description=Auth”)) searches all objects of type user where the property description starts with the string Auth. Because the & and I operators are at the beginning of the expressions, it is possible to combine more than two expressions with a single prefix operator.

The default filter is (objectClass= *) so all objects are valid.

PropertlesToLoad

With PropertiesToLoad, you can define a StringCollection of all the properties in which you are interested. Objects can have a lot of properties, most of which will not be important for your search request. You define the properties that should be loaded into the cache. The default properties that are returned if nothing is specified are the path and the name of the object.

SearchScope

SearchScope is an enumeration that defines how deep the search should extend:

  1. SearchScope. Base searches only the attributes in the object where the search started, so at most one object is found.
  2. With SearchScope. OneLevel, the search continues in the child collection of the base object. The base object itself is not searched for a hit.
  3. SearchScope. Subtree defines that the search should go down the complete tree.

The default value of the SearchScope property is SearchScope.Subtree.

Search Limits

A search for specific objects in a directory service can span multiple domains. To limit the search to the number of objects or the time taken, you have some additional properties to define, as shown in the following table.

Capture

In the search example, all user objects with a property description value of Author are searched in the organizational unit thinktecture.

First, bind to the organizational unit thinktecture. This is where the search should start. Create a DirectorySearcher object where the SearchRoot is set. The filter is defined as (&(objectClass=user) (description=Auth*), so that the search spans all objects of type user with a description of Auth followed by something else. The scope of the search should be a subtree so that child organizational units within thinktecture are searched, too:

Capture

The properties that should be in the result of the search are name, description, givenName.

Capture

You are ready to do the search. However, the result should also be sorted. DirectorySearcher has a Sort property, where you can set a SortOption. The first argument in the constructor of the SortOption class defines the property that will be ised for a sort; the second argument defines the direction of the sort. The SortDirection enumerz Jon has Ascending and Descending values.

To start the search, you can use the FindOne() me iod to find the first object, or FindAll() . FindOne() returns a simple SearchResult, whereas FindAll() returns a SearchResul tCollection. Here, all authors should be returned, so FindAll() is used:

searcher.Sort=newSortOption(“givenName”,SortDirection.  Ascending);
SearchResultCollection results = searcher.FindAll();

With a foreach loop, every SearchResult in the SearchResultCollection is accessed. A SearchResult represents a single object in the search cache. The Properties property returns a ResultPropertyCollection, where you access all properties and values with the property name and the indexer: .

Capture

It is also possible to get the complete obiect after a search: SearchResult has a GetDirectoryEntry() method that returns the corresponding DirectoryEntry of the found object.

The resulting output shows the beginning of the list of all thinktecture associates with the properties that have been chosen:

Capture

Posted on November 2, 2015 in Directory Services

Share the Story

Back to Top